	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

the "back" button on the weblogout page

To: cosign-discuss@xxxxxxxxx
Subject: the "back" button on the weblogout page
From: Gavin Eadie <gavin@xxxxxxxxx>
Date: Wed, 7 Sep 2005 12:47:33 -0400

After logging out from an application, the option to log out from the weblogin service is presented on a screen with "Back" and "Logout" buttons. The "Back" button tries to take the user to the last page they visited.

If this return into the application would be to a "deep" page (one that might represent a half-way point in a process the user abandoned by clicking application logout), things get a little messy. It's nothing that the application cannot cope with by detecting the attempt to reuse a terminated, or nonexistent, session and then presenting the user with the application's front door, instead of the targeted page.

I also see an Apache cosign directive which looks like it might also be useful.

CosignSiteEntry ... [ the URL to redirect to after login ]

If this is set to the URL of the application's front page, will the behavior be to bring a user who clicks "Back," as in the above scenario, to that front page and obviate the need for the application to catch the "missing session" case?

Also, in passing, when the user clicks the weblogin logout, their next presented page can be specified by the "?http://..."; which may be passed to weblogin on the logout request. Would it make sense to have the target of the "Back" button similarly, optionally configurable?

Follow-Ups:
- Re: the "back" button on the weblogout page
  - From: Mark Montague

Prev by Date: mod_cosign / mod_authz_ldap behavior
Next by Date: RE: the "back" button on the weblogout page
Previous by thread: Re: mod_cosign / mod_authz_ldap behavior
Next by thread: Re: the "back" button on the weblogout page
Index(es):
- Date
- Thread